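---
# Manually triggered deployment of the eight devnet Substrate nodes into the
# `sc` namespace. Depending on the inputs it optionally deletes the node pods
# and their Substrate PVCs, then runs `helm upgrade --install` per node and
# waits for every pod to report ready.
#
# Free-text workflow inputs and secrets are never interpolated into shell
# source with ${{ }}; they are passed through `env:` and read as quoted shell
# variables, so their content cannot be parsed as shell syntax.
name: Deploy Devnet

on:
  workflow_dispatch:
    inputs:
      terms1:
        description: "I acknowledge that running this workflow will make changes to the state of our EKS environments..."
        type: boolean
        required: true
      terms2:
        description: "I understand that an updated chain-spec from the same CI Run as the Substrate image must be provided if Substrate PVCs are being wiped"
        type: boolean
        required: true
      terms3:
        description: "I have made the Team aware that this deployment is about to occur"
        type: boolean
        required: true
      substrate-node-image:
        description: "Substrate Node ECR Image (Leave blank to use value from master)"
        required: false
      chain-spec-secret-name:
        description: "Chain Spec Secret Name (Leave blank to use value from master, or if 'Wipe Substrate PVCs' is not selected)"
        required: false
      wipe:
        description: "Wipe Substrate PVCs?"
        type: boolean
        required: true
      rolling:
        description: "Rolling Upgrade without deleting pods or PVCs?"
        type: boolean
        required: true

jobs:
  deploy:
    runs-on: eks
    # Least privilege: no step in this job requests an OIDC token or writes to
    # this repository (the private infra repo is fetched with a separate PAT),
    # so the GITHUB_TOKEN only needs read access.
    permissions:
      contents: read
    env:
      # Helm release / pod names, iterated (word-split) by the steps below.
      NODES: alice bob charlie dave eve ferdie greg henry
    steps:
      - name: Validate Terms and Conditions
        env:
          TERMS1: ${{ github.event.inputs.terms1 }}
          TERMS2: ${{ github.event.inputs.terms2 }}
          TERMS3: ${{ github.event.inputs.terms3 }}
        run: |
          echo "Validating terms and conditions..."
          if [[ "$TERMS1" != 'true' || "$TERMS2" != 'true' || "$TERMS3" != 'true' ]]; then
            echo "Please read and accept all Terms before running the deployment. Exiting..."
            exit 1
          fi
          echo "All terms and conditions accepted."

      - name: Confirm Inputs and Evaluate Conditions
        id: evaluate-conditions
        env:
          SUBSTRATE_NODE_IMAGE: ${{ github.event.inputs.substrate-node-image }}
          CHAIN_SPEC_SECRET_NAME: ${{ github.event.inputs.chain-spec-secret-name }}
          WIPE_INPUT: ${{ github.event.inputs.wipe }}
          ROLLING_INPUT: ${{ github.event.inputs.rolling }}
        run: |
          echo "Confirming inputs..."
          echo
          echo "substrate-node-image: $SUBSTRATE_NODE_IMAGE"
          echo "chain-spec-secret-name: $CHAIN_SPEC_SECRET_NAME"
          echo "wipe: $WIPE_INPUT"
          echo "rolling: $ROLLING_INPUT"

          # Both free-text inputs end up in `helm --set key=value`, where a
          # comma or other separator would set additional chart values.
          # Accept only characters valid in an image reference and in a
          # Kubernetes object name respectively.
          image_re='^[A-Za-z0-9][A-Za-z0-9._/:@-]*$'
          secret_re='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
          if [[ -n "$SUBSTRATE_NODE_IMAGE" && ! "$SUBSTRATE_NODE_IMAGE" =~ $image_re ]]; then
            echo "substrate-node-image is not a valid image reference. Exiting..."
            exit 1
          fi
          if [[ -n "$CHAIN_SPEC_SECRET_NAME" && ! "$CHAIN_SPEC_SECRET_NAME" =~ $secret_re ]]; then
            echo "chain-spec-secret-name is not a valid secret name. Exiting..."
            exit 1
          fi

          echo "Evaluating Deployment Type..."
          if [[ "$WIPE_INPUT" == 'true' ]]; then
            echo "wipe=true" >> "$GITHUB_ENV"
          else
            echo "wipe=false" >> "$GITHUB_ENV"
          fi
          if [[ "$ROLLING_INPUT" == 'true' ]]; then
            echo "rolling=true" >> "$GITHUB_ENV"
          else
            echo "rolling=false" >> "$GITHUB_ENV"
          fi

          # deployment_type selects exactly one of the three deploy steps:
          #   1 = wipe + chain-spec secret + image override
          #   2 = image override only (no wipe)
          #   3 = no image given: deploy the values committed on master
          # A wipe with an image but without a chain-spec secret is rejected.
          if [[ "$WIPE_INPUT" == 'true' && "$CHAIN_SPEC_SECRET_NAME" != '' && "$SUBSTRATE_NODE_IMAGE" != '' ]]; then
            echo "deployment_type=1" >> "$GITHUB_ENV"
            echo "Step: Deploy with chain-spec and image override will be run"
          elif [[ "$WIPE_INPUT" == 'false' && "$SUBSTRATE_NODE_IMAGE" != '' ]]; then
            echo "deployment_type=2" >> "$GITHUB_ENV"
            echo "Step: Deploy with image override will be run"
          elif [[ "$SUBSTRATE_NODE_IMAGE" == '' ]]; then
            echo "deployment_type=3" >> "$GITHUB_ENV"
            echo "Step: Deploy from master with no value overrides will be run"
          else
            echo "No matching condition for deployment"
            exit 1
          fi

      - name: Checkout sidechains-infra-priv repo
        # NOTE(review): `v4` is a mutable tag; pin the action to a full commit
        # SHA so the code that receives ACTIONS_PAT cannot change silently.
        uses: actions/checkout@v4
        with:
          repository: input-output-hk/sidechains-infra-priv
          token: ${{ secrets.ACTIONS_PAT }}
          path: sidechains-infra-priv
          # Keep the PAT out of the checked-out repo's git config; no later
          # step performs git operations.
          persist-credentials: false

      # The step name mentions awscli, but only kubectl and helm are installed.
      - name: Install kubectl, kubernetes-helm and awscli
        run: |
          set -o pipefail
          # NOTE(review): stable.txt floats; consider pinning a kubectl
          # version so every run installs the same reviewed binary.
          kubectl_version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl"
          # Verify the binary against its published checksum before it is
          # installed with root privileges.
          curl -fsSLO "https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          rm -f kubectl.sha256
          chmod +x ./kubectl
          sudo mv ./kubectl /usr/local/bin/kubectl
          # NOTE(review): the Helm apt signing key is trusted as downloaded;
          # comparing its fingerprint to a known value would close that gap.
          curl -fsSL https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
          sudo apt-get install apt-transport-https --yes
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
          sudo apt-get update
          sudo apt-get install helm --yes

      - name: Configure kubectl
        env:
          KUBECONFIG_BASE64: ${{ secrets.kubeconfig_base64 }}
          K8S_SERVER: ${{ secrets.K8S_SERVER }}
          K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }}
        run: |
          # Credential files must not be readable by other users on the runner.
          umask 077
          # NOTE(review): this decoded kubeconfig is not referenced by any
          # later step (KUBECONFIG is never set); the `kubectl config` calls
          # below write to the default kubeconfig instead. Confirm whether it
          # is still needed.
          echo "$KUBECONFIG_BASE64" | base64 --decode > "$RUNNER_TEMP/kubeconfig.yaml"
          # NOTE(review): --insecure-skip-tls-verify=true disables API server
          # certificate validation, so the service-account token below is sent
          # to whatever answers at K8S_SERVER. Supply the cluster CA with
          # --certificate-authority and drop this flag.
          kubectl config set-cluster my-cluster --server="$K8S_SERVER" --insecure-skip-tls-verify=true
          kubectl config set-credentials github-actions --token="$K8S_SA_TOKEN"
          kubectl config set-context my-context --cluster=my-cluster --user=github-actions --namespace=default
          kubectl config use-context my-context

      - name: Delete pods
        if: env.rolling != 'true'
        continue-on-error: true
        run: |
          # Best effort: a pod that does not exist must not fail the step.
          for node in $NODES; do
            kubectl delete pod "$node" -n sc || true
          done
          echo "Waiting for all pods to delete..."
          pods=()
          for node in $NODES; do
            pods+=("pod/${node}")
          done
          kubectl wait --for=delete "${pods[@]}" -n sc --timeout=120s || true

      - name: Delete substrate PVCs
        if: env.wipe == 'true' && env.rolling != 'true'
        # NOTE(review): with continue-on-error a failed wipe does not stop the
        # deployment, so nodes can start on the old chain data while the
        # operator expects a clean state.
        continue-on-error: true
        run: |
          pvcs=()
          for node in $NODES; do
            kubectl delete pvc "${node}-claim-substrate-node-data" -n sc
            pvcs+=("pvc/${node}-claim-substrate-node-data")
          done
          echo "Waiting for all PVCs to delete..."
          kubectl wait --for=delete "${pvcs[@]}" -n sc --timeout=120s

      - name: Deploy with chain-spec and image override
        if: env.deployment_type == 1
        env:
          SUBSTRATE_NODE_IMAGE: ${{ github.event.inputs.substrate-node-image }}
          CHAIN_SPEC_SECRET_NAME: ${{ github.event.inputs.chain-spec-secret-name }}
        run: |
          cd sidechains-infra-priv/src/kube/helm/partner-chains-node-chart/
          for node in $NODES; do
            helm upgrade --install "$node" . \
              -f values/chains/devnet.yaml \
              -f "values/nodes/devnet/${node}.yaml" \
              --set images.substrateNode="$SUBSTRATE_NODE_IMAGE" \
              --set chain.chainspec_secretName="$CHAIN_SPEC_SECRET_NAME"
          done

      - name: Deploy with image override
        if: env.deployment_type == 2
        env:
          SUBSTRATE_NODE_IMAGE: ${{ github.event.inputs.substrate-node-image }}
        run: |
          cd sidechains-infra-priv/src/kube/helm/partner-chains-node-chart/
          for node in $NODES; do
            helm upgrade --install "$node" . \
              -f values/chains/devnet.yaml \
              -f "values/nodes/devnet/${node}.yaml" \
              --set images.substrateNode="$SUBSTRATE_NODE_IMAGE"
          done

      - name: Deploy from master with no value overrides
        if: env.deployment_type == 3
        run: |
          cd sidechains-infra-priv/src/kube/helm/partner-chains-node-chart/
          for node in $NODES; do
            helm upgrade --install "$node" . \
              -f values/chains/devnet.yaml \
              -f "values/nodes/devnet/${node}.yaml"
          done

      - name: Wait
        run: |
          for node in $NODES; do
            # ${node^} capitalises the first letter for the log line.
            echo "Waiting for ${node^}..."
            kubectl wait --for=condition=ready pod "$node" -n sc --timeout=300s
          done

      - name: Validate
        run: |
          for node in $NODES; do
            echo "Checking ${node^}..."
            kubectl get pod "$node" -n sc -o jsonpath="{.status.containerStatuses[*].ready}"
          done
          # Fail unless every listed node pod reports all four containers ready.
          kubectl get pods -n sc -o custom-columns='NAME:.metadata.name,READY:.status.containerStatuses[*].ready' | grep -E '^(alice|bob|charlie|dave|eve|ferdie|greg|henry)' | awk '{if ($2 != "true,true,true,true") exit 1}'
          echo "All pods are 4/4 up and ready"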